The SELinux security policy prevents a new list from being created using the web interface (note: bin/newlist works). Attached are the mailman stack trace and the avc error message in /var/log/messages. Note: this was originally reported by Markus Darges <darges.de> on the mm-users mailing list.
Created attachment 110549 [details] python stack trace
Created attachment 110550 [details] avc error message in /var/log/messages
Note: short term work arounds include: 1) Disable SELinux 2) use command line interface to create lists (e.g. bin/newlist)
[From Markus in a private email] But that was not the only problem between SELinux and mailman. With SELinux turned on I couldn't import a list of new members. I got the error that no usable temporary file could be found. And I wasn't able to change the html sites: Traceback (most recent call last): File "/usr/lib/mailman/scripts/driver", line 87, in run_main main() File "/usr/lib/mailman/Mailman/Cgi/edithtml.py", line 123, in main ChangeHTML(mlist, cgidata, template_name, doc) File "/usr/lib/mailman/Mailman/Cgi/edithtml.py", line 161, in ChangeHTML os.mkdir(langdir, 02775) OSError: [Errno 13] Permission denied: '/var/lib/mailman/lists/ma1/de'
About the problem with importing new members ("no usable temporary directory"), I just filed bug #147466 with a workaround that does not require SELinux to be disabled. About this bug, the file policy.conf contains the following policy: allow mailman_cgi_t mailman_archive_t:dir { read getattr lock search ioctl add_name remove_name write }; in order to create a list the "create" permission is also necessary and should be added. However, this does not seem to be enough, as there is still a problem when Mailman tries to invoke /usr/sbin/postalias: RuntimeError: command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1, Operation not permitted) audit2allow says that the problem might be fixed by adding the policy: allow mailman_cgi_t self:unix_dgram_socket create; however I didn't feel confident to add that, because of my ignorance about possible repercussions.
fixed in latest security policy
*** Bug 151550 has been marked as a duplicate of this bug. ***